Method and system for authenticating access to heterogeneous computing services
Abstract
A method and system for authenticating access to heterogeneous computing services is provided. In a preferred embodiment, logon providers are configured into the computer system, which provide secure access to their services by requiring authentication of user identification information using a logon mechanism. According to this embodiment, a user designates a primary logon provider to provide an initial logon user interface. The user enters identification information when this user interface is displayed, for example a user name, a password and a domain. The computer system executes a logon sequence, which first invokes the primary logon provider to collect identification information and to authenticate the user for access to services provided by the primary logon provider. The system then authenticates the collected identification information to provide the user access to operating system computer services. If the system logon authentication procedure is not successful, then the logon sequence displays its own user interface to collect additional identification information. The logon sequence then invokes the logon routines of other logon providers to enable them to authenticate already collected identification information without displaying additional user interfaces. A preferred embodiment enables the system logon sequence to use authentication information stored on a network to authenticate the user for access to local computing services. Also, logon providers can be provided for drivers other than network drivers when a logon mechanism is required to access their computing services. Further, using a primary logon provider, the initial logon user interface displayed to collect identification information can be replaced.
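The logon sequence described above (primary provider first, then local authentication with the same credentials, the system's own user interface only on failure, then supplemental providers authenticating the already-collected credentials without further prompting) is modelled below as a small router. This is an added illustration written for this page, not code from the patent or from any operating system: the provider classes, the credential shape, the PBKDF2-based account stores and the way a network-stored record is fetched for local authentication (the mechanism of claim 23) are all assumptions. One point worth noting from the design itself: the primary provider supplies the logon user interface and receives the plaintext credentials, which the router then hands to the local authentication code and to every other provider, so each provider is trusted with the user's password.

```python
"""Unified logon sequence modelled on the abstract and claims of the patent.

Added example only. Provider classes, credential shape, the PBKDF2 account
stores and the network-stored-record fetch are assumptions, not the patent's
or any OS's implementation.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Credentials:
    user: str
    password: str
    domain: str


def _derive(password, salt):
    # Assumed verifier: PBKDF2-HMAC-SHA256; the patent names no algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_record(password):
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def verify(record, password):
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(_derive(password, salt), digest)


class NetworkProvider:
    """Logon provider for one network: owns its UI, authenticates against that
    network's accounts and can hand a record to the local code (claim 23)."""

    def __init__(self, name, accounts, connected=True):
        self.name = name
        self.accounts = accounts        # {(domain, user): (salt, digest)}
        self.connected = connected
        self.ui_shown = 0

    def is_connected(self):
        return self.connected

    def collect(self, ui):
        self.ui_shown += 1
        return ui(self.name)            # ui: provider name -> Credentials

    def authenticate(self, c):
        return verify(self.accounts.get((c.domain, c.user)), c.password)

    def fetch_system_record(self, c):
        # Only an authenticated session may retrieve the network-stored record.
        return self.accounts.get((c.domain, c.user)) if self.authenticate(c) else None


class LocalAuthenticator:
    def __init__(self, local_accounts):
        self.local_accounts = local_accounts   # {user: (salt, digest)}

    def authenticate(self, c, primary=None):
        record = self.local_accounts.get(c.user)
        if record is None and primary is not None and primary.is_connected():
            record = primary.fetch_system_record(c)   # claim 23: record lives on the network
        return verify(record, c.password)


@dataclass
class LogonResult:
    ok: bool
    per_service: dict = field(default_factory=dict)
    system_ui_shown: int = 0


def logon(providers, primary_name, provider_ui, system_ui, local_auth):
    """Primary provider (its UI only when connected) -> local authentication with
    the same credentials -> system UI only on failure -> supplemental providers
    reuse the collected credentials without any further UI."""
    result = LogonResult(ok=False)
    primary = providers[primary_name]
    creds = None
    if primary.is_connected():
        creds = primary.collect(provider_ui)
        result.per_service[primary.name] = primary.authenticate(creds)
    else:
        result.per_service[primary.name] = False   # claim 33: no UI, report failure

    if creds is not None and local_auth.authenticate(creds, primary):
        result.per_service["local"] = True
    else:
        creds = system_ui()                          # claims 22 and 32: system-defined UI
        result.system_ui_shown += 1
        result.per_service["local"] = local_auth.authenticate(creds, primary)
        if not result.per_service["local"]:
            return result                            # no local access: stop here

    for p in providers.values():
        if p is not primary:
            result.per_service[p.name] = p.authenticate(creds)   # claims 5-7: no new UI
    result.ok = True
    return result


def demo():
    """Constructed sample accounts. Returns (connected run, disconnected run,
    primary UI count while connected, primary UI count while disconnected)."""
    alice_net = make_record("correct horse")
    nt = NetworkProvider("ntdomain", {("ENG", "alice"): make_record("correct horse")})
    creds = Credentials("alice", "correct horse", "ENG")
    netware = NetworkProvider("netware", {("ENG", "alice"): alice_net})
    local = LocalAuthenticator({})   # no local record: it is fetched via the primary network
    connected = logon({"netware": netware, "ntdomain": nt}, "netware",
                      lambda name: creds, lambda: creds, local)
    netware_off = NetworkProvider("netware", {("ENG", "alice"): alice_net}, connected=False)
    local2 = LocalAuthenticator({"alice": make_record("correct horse")})
    disconnected = logon({"netware": netware_off, "ntdomain": nt}, "netware",
                         lambda name: creds, lambda: creds, local2)
    return connected, disconnected, netware.ui_shown, netware_off.ui_shown


if __name__ == "__main__":
    for r in demo()[:2]:
        print(r)
```

In the connected run the only prompt shown is the primary provider's, and the same credentials unlock the local system (via the network-stored record) and the second network; in the disconnected run the primary provider shows no UI and reports failure, the system's own prompt is shown once, and the supplemental provider still authenticates the credentials collected there.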
Claims
What is claimed is:
1. A method in a computer system network environment for authenticating access to computing services, the computer system network environment having a local computer system that can be connected to multiple heterogeneous networks, the local computer system having local authentication code to access local computer system services, the method comprising the computer-implemented steps of: determining a primary logon driver, the primary logon driver for providing access to a first network and having a user interface with components for collecting identification information for the primary logon driver; invoking the primary logon driver; under control of the primary logon driver, invoking the user interface of the primary logon driver when needed; in response to receiving identification information through the user interface components, authenticating the received identification information to allow access to the first network; and indicating the authenticated identification information to the local authentication code; under control of the local authentication code, authenticating the indicated identification information to allow access to the local computer system services; determining a supplemental logon driver for providing access to a second network; invoking the determined supplemental logon driver; and under control of the invoked supplemental logon driver, authenticating previously provided identification information to allow access to the second network.
2. The method of claim 1 wherein the step of authenticating the indicated identification information to allow access to the local computer system services is performed without invoking another user interface.
3. The method of claim 1 wherein the step of, under control of the primary logon driver, invoking the user interface is only performed when the primary logon driver is actively connected to the first network.
4. The method of claim 1 wherein the step of, under control of the primary logon driver, invoking the user interface is performed when the primary logon driver establishes that it can access resources in order to perform the step of authenticating.
5. The method of claim 1 wherein the step of, under control of the invoked supplemental logon driver, authenticating previously provided identification information is performed using the identification information authenticated by the primary logon driver.
6. The method of claim 1 wherein the step of, under control of the invoked supplemental logon driver, authenticating previously provided identification information is performed using the identification information authenticated by the local authentication code.
7. The method of claim 1 wherein the step of, under control of the invoked supplemental logon driver, authenticating previously provided identification information is performed without invoking another user interface.
8. The method of claim 1 wherein the step of determining the primary logon driver is performed under the control of a user.
9. The method of claim 1 wherein the user interface of the primary logon driver is supplied by the primary logon driver.
10. A method in a computer system for authenticating access to local system services, the computer system having system authentication code to secure access to the local system services, the method comprising the computer-implemented steps of: selecting one of a plurality of logon providers as a primary logon provider, the primary logon provider for providing access to provider services and having a user interface with components for collecting identification information; invoking the user interface of the primary logon provider when needed; under control of the primary logon provider and in response to receiving identification information through the user interface components or using provided authentication information, authenticating the received or provided identification information to allow access to the provider services and indicating the received or provided information to the system authentication code; and under control of the system authentication code, authenticating the indicated received or provided identification information to allow access to the local system services.
11. The method of claim 10 wherein the user interface of the primary logon provider is supplied by the primary logon provider thereby enabling replacement of the user interface.
12. The method of claim 10 wherein the primary logon provider is a network driver and the step of authenticating the received or provided identification information to allow access to the provider services provides access to a network when the authentication is successful.
13. The method of claim 10 wherein the step of authenticating the indicated received or provided identification information to allow access to the local system services includes the substep of invoking a second user interface for receiving identification information that is different from the first user interface, when the step of authenticating the received or provided identification information to allow access to the provider services is not successful.
14. The method of claim 10 wherein the step of authenticating the received or provided identification information to allow access to the provider services is performed when the primary logon provider is successfully connected to a device, a pseudo-device, or a set of services.
15. The method of claim 10 wherein the step of determining the primary logon provider comprises the substeps of: displaying a list of logon providers; and designating one of the displayed logon providers as the primary logon provider.
16. The method of claim 15 wherein the step of designating one of the displayed logon providers is performed in response to a user selection of one of the logon providers from the displayed list.
17. A method in a computer system for authenticating access to a plurality of resources using a single user interface, the computer system having authentication code to access system services, the method comprising the computer-implemented steps of: determining a primary logon provider, the primary logon provider for providing access to provider services and having a user interface for identifying access information; invoking the user interface of the primary logon provider when appropriate; identifying access information, the access information being collected through the invoked user interface of the primary logon provider when appropriate; authenticating the identified access information to allow access to the provider services; authenticating the identified access information to allow access to the system services without invoking an additional user interface; determining a supplemental logon provider, the supplemental logon provider for providing access to supplemental provider services; and authenticating the identified access information to allow access to the supplemental provider services without invoking an additional user interface.
18. The method of claim 17 wherein the primary logon provider is a network driver and the step of authenticating the identified access information to allow access to the provider services provides access to a network when the authentication is successful.
19. The method of claim 18 wherein the supplemental logon provider is a network driver and the step of authenticating the identified access information to allow access to the supplemental provider services provides access to a second network when the authentication is successful.
20. The method of claim 19 wherein the second network is a different type of network abiding by a different communications protocol than the network accessible through the provider services of the primary logon provider.
21. The method of claim 17 wherein the supplemental logon provider is a network driver and the step of authenticating the identified access information to allow access to the supplemental provider services provides access to a second network when the authentication is successful.
22. A method in a computer system for authenticating access to the computer system, the computer system having a system defined user interface to identify access information and having authentication code to access system services, the method comprising the computer-implemented steps of: determining a primary logon provider, the primary logon provider for providing access to provider services and having a user interface for identifying access information; determining whether the primary logon provider is successfully connected to a device or pseudo-device for which the provider services are provided; when it is determined that the primary logon provider is successfully connected, invoking the user interface of the primary logon provider; identifying access information through the invoked user interface of the primary logon provider; authenticating the identified access information to allow access to the provider services; and authenticating the identified access information to allow access to the system services without invoking an additional user interface; and when it is determined that the primary logon provider is not successfully connected, invoking the system defined user interface; identifying access information through the invoked system defined user interface; and authenticating the access information identified through the system defined user interface to allow access to the system services.
23. A method in a computer system for accessing system authentication information stored on a network, the computer system having local system logon code to enable access to local computer system services, the method comprising the computer-implemented steps of: invoking a primary logon provider, the primary logon provider providing a user interface for collecting identification information and having code for accessing a network; under control of the primary logon provider, invoking the user interface of the primary logon provider when needed; identifying identification information, the identified information either received through the displayed user interface or provided without invoking the user interface of the primary logon provider; authenticating the identified identification information for access to the network; and indicating the identified identification information to the local system logon code; invoking the local system logon code; and under control of the local system logon code, using the indicated identification information to access the network; retrieving the system authentication information stored on the network using the primary logon provider code; and authenticating the indicated identification information for access to the local computer system services using the system authentication information retrieved from the network.
24. A computer system for authenticating access to local system services comprising: means for determining a primary logon driver, the primary logon driver for providing access to driver services and having a user interface for identifying access information; driver means for invoking the user interface of the determined primary logon driver, identifying access information, authenticating the identified access information for access to the driver services, and sending the authenticated access information; system means for authenticating the sent access information for access to the local system services, which operates in response to receiving the authenticated access information from the driver means and which operates without invoking another user interface; and logon means for invoking the primary logon driver determination means and for invoking the driver means.
25. The computer system of claim 24 wherein the driver means is a network driver that provides access to a network when the driver means successfully authenticates the identified access information.
26. The computer system of claim 24, the driver means performing the invoking of the user interface when the primary logon driver is successfully connected to a device or pseudo-device.
27. A computer system for authenticating access to system services comprising: means for determining a primary logon driver, the primary logon driver for providing access to driver services and having a user interface for identifying access information; driver means for, when the primary logon driver is successfully connected to a device or pseudo-device, invoking the user interface of the determined primary logon driver, identifying access information, authenticating the identified access information for access to the driver services, and sending the authenticated access information; system means for authenticating the sent access information for access to the system services, which operates in response to receiving the authenticated access information from the driver means and which operates without invoking another user interface; logon means for invoking the primary logon driver determination means and for invoking the driver means; and an alternate system means for authenticating access information for access to the system services, which is invoked by the logon means to operate when the primary logon driver is not successfully connected to a device or to a pseudo-device and which invokes a system user interface for identifying access information and authenticates the access information identified by the system user interface in order to provide access to the system services.
28. A local computer system comprising: a input-output device; a primary logon driver associated with a set of driver services that provide access to the input-output device that, in response to being invoked, invokes a user interface when needed to retrieve an identification name and password from a user, authenticates the retrieved identification name and password for access to the driver services, and returns the authentication results; a router that, in response to being invoked, invokes the primary logon driver and uses the authentication results returned by the primary logon driver to authenticate the user for access to the local computer system; and a command sequence that causes the router to be invoked.
29. The computer system of claim 28 wherein the input-output device is a network and the primary logon driver is a network driver that provides access to the network, whereby the authentication results returned by the network driver are used to authenticate access to the local computer system.
30. The computer system of claim 28 wherein the input-output device is a storage device that stores a database and the primary logon driver is associated with a set of database services that provide access to the database, and wherein the access to the local computer system is to services that are not database services.
31. The computer system of claim 28 wherein the primary logon driver is an electronic mail server, and wherein the access to the local computer system is to services that are not electronic mail services.
32. The computer system of claim 28 wherein the router invokes a second user interface that is different than the first user interface if the authentication results returned by the primary logon driver are unsuccessful.
33. The computer system of claim 28 wherein the primary logon driver first determines whether the primary logon driver is successfully connected to the input-output device and, when it is determined that the driver is not successfully connected, returns authentication results indicating unsuccessful authentication, without invoking the user interface.
34. The computer system of claim 33 wherein the router invokes a local system user interface if the authentication results returned by the primary logon driver are unsuccessful.
35. The computer system of claim 28 wherein the router uses the returned authentication results without invoking an additional user interface to provide access to the local computer system.
36. A distributed computer-readable memory medium containing instructions for controlling a computer processor in a computer system network environment to authenticate access to computing services, the computer system network environment having a local computer system that can be connected to multiple heterogeneous networks, the local computer system having local authentication code to access local computer system services, by performing the steps of: determining a primary logon driver, the primary logon driver for providing access to a first network and having a user interface with components for collecting identification information for the primary logon driver; invoking the primary logon driver; under control of the primary logon driver, invoking the user interface of the primary logon driver when needed; in response to receiving identification information through the user interface components, authenticating the received identification information to allow access to the first network; and indicating the authenticated identification information to the local authentication code; under control of the local authentication code, authenticating the indicated identification information to allow access to the local computer system services; determining a supplemental logon driver for providing access to a second network; invoking the determined supplemental logon driver; and under control of the invoked supplemental logon driver, authenticating previously provided identification information to allow access to the second network.
37. The distributed computer-readable memory medium of claim 36 wherein the step of authenticating the indicated identification information to allow access to the local computer system services is performed without invoking another user interface.
38. The distributed computer-readable memory medium of claim 36 wherein the step of, under control of the primary logon driver, invoking the user interface is only performed when the primary logon driver is actively connected to the first network.
39. The distributed computer-readable memory medium of claim 36 wherein the step of, under control of the primary logon driver, invoking the user interface is performed when the primary logon driver establishes that it can access resources in order to perform the step of authenticating.
40. The distributed computer-readable memory medium of claim 36 wherein the step of, under control of the invoked supplemental logon driver, authenticating previously provided identification information is performed using the identification information authenticated by the primary logon driver.
41. The distributed computer-readable memory medium of claim 36 wherein the step of, under control of the invoked supplemental logon driver, authenticating previously provided identification information is performed using the identification information authenticated by the local authentication code.
42. The distributed computer-readable memory medium of claim 36 wherein the step of, under control of the invoked supplemental logon driver, authenticating previously provided identification information is performed without invoking another user interface.
43. The distributed computer-readable memory medium of claim 36 wherein the step of determining the primary logon driver is performed under the control of a user.
44. A distributed computer-readable memory medium containing instructions for controlling a computer processor in a computer system to authenticate access to local system services, the computer system having system authentication code to secure access to the local system services, by performing the steps of: selecting one of a plurality of logon providers as a primary logon provider, the primary logon provider for providing access to provider services and having a user interface with components for collecting identification information; invoking the user interface of the primary logon provider when needed; under control of the primary logon provider and in response to receiving identification information through the user interface components or using provided authentication information, authenticating the received or provided identification information to allow access to the provider services and indicating the received or provided information to the system authentication code; and under control of the system authentication code, authenticating the indicated received or provided identification information to allow access to the local system services.
45. The distributed computer-readable memory medium of claim 44 wherein the user interface of the primary logon provider is supplied by the primary logon provider thereby enabling replacement of the user interface.
46. The distributed computer-readable memory medium of claim 44 wherein the primary logon provider is a network driver and the step of authenticating the received or provided identification information to allow access to the provider services provides access to a network when the authentication is successful.
47. The distributed computer-readable memory medium of claim 44 wherein the step of authenticating the indicated received or provided identification information to allow access to the local system services includes the substep of invoking a second user interface for receiving identification information that is different from the first user interface, when the step of authenticating the received or provided identification information to allow access to the provider services is not successful.
48. The distributed computer-readable memory medium of claim 44 wherein the step of authenticating the received or provided identification information to allow access to the provider services is performed when the primary logon provider is successfully connected to a device, a pseudo-device, or a set of services.
49. The distributed computer-readable memory medium of claim 44 wherein the step of determining the primary logon provider comprises the substeps of: displaying a list of logon providers; and designating one of the displayed logon providers as the primary logon provider.
50. The distributed computer-readable memory medium of claim 49 wherein the step of designating one of the displayed logon providers is performed in response to a user selection of one of the logon providers from the displayed list.